[rust-dev] No range integer type? Safety beyond memory?

Graydon Hoare graydon at mozilla.com
Tue Apr 23 10:43:30 PDT 2013


On 22/04/2013 9:57 PM, Robert O'Callahan wrote:
> On Tue, Apr 23, 2013 at 4:18 AM, Graydon Hoare <graydon at mozilla.com> wrote:
>
>     We've also had some requests for a mechanism to enable overflow
>     checking on _all_ integer types within a given static or dynamic
>     program extent, using attributes.
>
>
> I, at least, made a request for overflow checking on all integer types,
> full stop :-). And I still want it; failure of obvious properties like
> "a >= 0 ===> a + b >= b" is just crazy, and I'm tired of living in
> crazy-land.

How much of a performance penalty is it worth? I believe you can trap 
this in C presently with a gcc flag too (-ftrapv); but it's a flag 
rarely turned on.

(I generally concur and wanted rust integers to overflow to bignums 
originally! But I have had to retreat from such stances due to 
complaints about performance / not-C-ness. I suspect the attribute 
mechanism is the right approach for such pragmas; would it be acceptable 
to put one attribute in each of your crates?)

-Graydon
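
The property quoted in the thread, "a >= 0 ===> a + b >= b", as an added example that is not part of the original message or the Rust project's code. It uses the `wrapping_add` and `checked_add` methods of today's Rust standard library to contrast unchecked two's-complement arithmetic with overflow-checked arithmetic, and goes one step beyond the thread by applying the same contrast to an `offset + len` bounds check; all function names and sample values are constructed for illustration.

```rust
/// The quoted property, evaluated with wrapping (unchecked machine) addition.
/// Returns false when a >= 0 and yet a + b < b.
fn property_holds_wrapping(a: i32, b: i32) -> bool {
    a < 0 || a.wrapping_add(b) >= b
}

/// The same property with overflow-checked addition. `None` means the sum is
/// not representable, so the caller has to handle the overflow explicitly
/// instead of comparing a wrapped value.
fn property_holds_checked(a: i32, b: i32) -> Option<bool> {
    if a < 0 {
        return Some(true); // premise is false, property holds vacuously
    }
    a.checked_add(b).map(|sum| sum >= b)
}

/// A range check written with wrapping arithmetic: a huge offset makes the
/// sum wrap to a small number, and the check accepts an out-of-range request.
fn in_bounds_wrapping(offset: usize, len: usize, buf_len: usize) -> bool {
    offset.wrapping_add(len) <= buf_len
}

/// The same check with overflow detection: an unrepresentable end offset is
/// rejected rather than compared.
fn in_bounds_checked(offset: usize, len: usize, buf_len: usize) -> bool {
    match offset.checked_add(len) {
        Some(end) => end <= buf_len,
        None => false,
    }
}

fn main() {
    // Constructed sample values.
    let (a, b) = (1i32, i32::MAX);
    println!("wrapping: property holds = {}", property_holds_wrapping(a, b));
    println!("checked:  property holds = {:?}", property_holds_checked(a, b));

    let (offset, len, buf_len) = (usize::MAX, 2usize, 16usize);
    println!("wrapping bounds check accepts = {}", in_bounds_wrapping(offset, len, buf_len));
    println!("checked bounds check accepts  = {}", in_bounds_checked(offset, len, buf_len));
}
```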


